In the evolving market of the data replication industry in China, qualification and certification serve as the cornerstones for product sales and technical services. Given that data replication encompasses critical application services such as disaster recovery (DR), data synchronization, and system migration, and must adhere to the stringent security requirements of various sectors, obtaining the relevant certification is paramount. These qualifications are not only essential for regulating market behavior but also act as a robust guarantee for the healthy development of the industry.
1. International Information Security Certifications: ISO 27001 and ISO 20000
In the globalized information market, the ISO 27001 Information Security Management System (ISMS) and ISO 20000 IT Service Management System (ITSMS) standards have become internationally recognized qualifications.
- ISO 27001: As the world’s most widely adopted ISMS standard, its latest revision (released in October 2022) places greater emphasis on cybersecurity and privacy protection. This certification proves an organization’s capability for standardized management in preventing information leakage, offering a significant advantage in market bidding and building customer trust.
- ISO 20000: This standard defines comprehensive service management processes for organizations and is the international benchmark for IT Service Management. Achieving ISO 20000 certification signifies that an enterprise’s IT service management has reached internationally recognized standards, further enhancing its competitiveness in information technology.
For Chinese high-tech enterprises expanding overseas, these international certifications are not only basic compliance requirements but also crucial avenues for elevating corporate brand image and market competitiveness. Relevant certification information can be verified on the website of the Certification and Accreditation Administration of China (CNCA).
2. Common Domestic Information Technology and Security Management Certifications
2.1. Confidential Information System Product Testing Certificate
The Confidential Information System Product Testing Certificate is issued after testing and authorization by the Security and Confidentiality Evaluation Center for Confidential Information Systems under the National Administration of State Secrets Protection (NASSP).
- Guided by NASSP, this certification assesses the security and confidentiality of confidential information systems based on national standards and regulations, and the evaluation results serve as the basis for NASSP’s approval of such systems.
- The Center also tests security and confidentiality products intended for use in these systems. Upon approval by NASSP, qualifying products are granted the Certificate and are listed in the official catalog approved for use.
- The tested products primarily fall into 12 categories, including isolation cards, firewalls, vulnerability scanners, intrusion detection systems, secure middleware, and terminal security products. Enterprises must obtain this certificate if their products are to be used within confidential information systems.
2.2. China National Information Security Product Certification
The China National Information Security Product Certification Certificate is issued by the China Information Security Certification Center (ISCCC), the dedicated authority responsible for implementing information security certification in China.
- This certification confirms that a product’s quality and security meet relevant standards and technical specifications, fulfilling a necessary condition for entry into the government procurement market.
- Since May 1, 2010, 13 types of products—including firewalls, secure isolation and information exchange systems, data backup and recovery, and secure operating systems—have been subject to mandatory certification within the scope specified by China’s Government Procurement Law. Products without this certificate are prohibited from government procurement.
2.3. Computer Information System Security Special Product Sales Permit (Discontinued)
The Computer Information System Security Special Product Sales Permit was previously issued by the Public Information Network Security Supervision Bureau of the Ministry of Public Security.
Note: As of July 1, 2023, the issuance of this license has been discontinued, and product manufacturers no longer need to apply for it. Products that obtained the license before this date may continue to be sold or offered within their validity period.
2.4. Safety Certification for Network Critical Equipment and Cybersecurity Dedicated Products
This professional certification is conducted by the national cybersecurity management department or its authorized third-party agencies.
- It ensures that network critical equipment and cybersecurity dedicated products comply with national security standards during design and implementation to effectively prevent cyberattacks and data leaks.
- Products obtaining this certification are considered highly secure and trustworthy, and are prioritized for application in critical information infrastructure and important fields of the country. This is vital for enhancing China’s cybersecurity defense capabilities.
2.5. Cross-Regional Value-Added Telecommunications Business Operating License
The Cross-Regional Value-Added Telecommunications (VAT) Business Operating License is required for services covering two or more provinces, autonomous regions, or municipalities.
- It must be approved by the Ministry of Industry and Information Technology (MIIT).
- According to China’s regulations, operational websites providing Internet Information Services must obtain this license (known as the Operational ICP License), or they are considered to be operating illegally. Non-operational websites must complete a non-business Internet Information Service Filing.
3. Other Technology and Corporate Certifications
| Certification | Full Name/Description | Key Focus | Issuing Body/Authority |
|---|---|---|---|
| CISDR | China Information Security and Disaster Recovery (National-level certification) | Crucial assessment for service qualification, and a key metric for the professional competence of personnel in IS and DR. | Jointly launched by the National Engineering Laboratory for Disaster Backup Technology, MOE Key Laboratory of Network Offensive and Defensive, and China Information Security Certification Center. |
| DRI International | Disaster Recovery Institute International | Personal certifications (CFCP, ABCP, CBCP, MBCP) in Business Continuity (BC). | Conducted in China through DRI China. Example: CBCP requires two years of relevant work experience, course completion, and a passing exam. |
| DCMM | Data Management Capability Maturity Assessment Model | China’s national standard defining 8 core capability domains to help enterprises evaluate and improve their data management and application level. | National Standard in the field of data management. |
| CMMI/CMM | Capability Maturity Model Integration | A software process improvement approach (developed by the U.S. DoD and CMU) to assess and enhance software quality and development efficiency across five maturity levels. | International Standard for software process management. |
| ITSS | Information Technology Service Standards | A comprehensive national standard library drafted under the guidance of MIIT and SAC, regulating IT service products and elements from planning to supervision. | National Standard for IT Service Standards in China. |
| i2CP | Yingfu Software i2CP Advanced Certified Engineer | High-level engineer certification for technical personnel and partners, requiring mastery of Linux/Windows OS and basic Oracle database operation for professional replication technology support. | Yingfu Software (Vendor Certification). |
| CSSP | Huawei Certified Service Solution Partner | Certification system launched by Huawei in 2018 to collaborate with ecosystem partners on service solutions for digital transformation across three fields: Cloud Enablement, Operations, and Tool Platforms. | Huawei (Vendor Certification). |
| CISAW DR | CISAW Disaster Backup and Recovery Certification Training | The only authoritative domestic qualification course specifically for the DR field, aiming to cultivate high-end talent with a systematic DR knowledge base and practical skills. | Developed and operated by the Beijing Information Disaster Backup Technology Industry Alliance; certificates issued by CCRC. |
4. Beijing Information Disaster Backup Technology Industry Alliance Services
The Alliance is dedicated to providing full-lifecycle disaster recovery solutions and is a major player in the industry.
Consulting and Planning
Specializes in full-cycle solutions:
- DR Business Consulting and Planning: Tailored data backup, application disaster recovery, and recovery plan development.
- Business Continuity Management (BCM): System design based on risk assessment, covering contingency plan formulation, emergency response, and continuous optimization.
- Practical Emergency Drill Services: Multi-scenario testing to enhance organizational coordination and validate contingency plans.
- Data Center Lifecycle Services: Including site selection, construction planning, intelligent O&M, and security architecture design.
- Industry Think Tank Support: Regular in-depth reports on DR technology trends, policies, and market dynamics.
Evaluation Services
The Alliance provides professional assessment capabilities, including:
- Information System Security Level Protection Assessment (DJCP)
- Commercial Cryptography Application Security Assessment
- Data Center (Disaster Recovery Capability) Assessment
- Data Security Risk Assessment
- Domestic IT Product Assessment (Xinchuang Product Testing)
These services help clients fully understand their security posture, identify potential risks, and provide a scientific basis for corporate security decision-making.